Zachariah Mully
2002-Mar-01 00:56 UTC
[Shorewall-users] iptables 1.2.5 and shorewall 1.2.8?
Hey all-

Trying to run sh 1.2.8 and iptables 1.2.5 on my linux 2.4.17 box. I built the kernel from kernel.org sources, and then patched it with iptables 1.2.5 by doing

%make pending-patches KERNEL_DIR=/usr/src/linux

I let it run and patched these:

Welcome to Rusty's Patch-o-matic!

Each patch is a new feature: many have minimal impact, some do not.
Almost every one has bugs, so I don't recommend applying them all!
-------------------------------------------------------
Already applied: submitted/2.4.4
                 submitted/conntrack-errormsg
                 submitted/ip6tables-export-symbols
                 submitted/ip6t_mac-fix-ipv6
                 submitted/ipchains-redirect-fix
                 submitted/ip_nat_irc-srcaddr-fix
                 submitted/ipt_LOG
                 submitted/ipt_mac-fix
                 submitted/ipt_MIRROR-ttl
                 submitted/ipt_REJECT-checkentry
                 submitted/ipt_unclean-ecn
                 submitted/module-license
                 submitted/netlink-tcpdiag
                 submitted/sackperm
                 submitted/skb_clone_copy
                 submitted/tcp-MSS
                 submitted/TOS-oops-fix

Testing... mangle5hooks.patch ALREADY APPLIED (0 rejects out of 16 hunks).

Then after compiling my kernel and making all the modules, I ran

%make KERNEL_DIR=/usr/src/linux
%make install KERNEL_DIR=/usr/src/linux

Then I rebooted to my new kernel.

Now when shorewall starts/stops I get errors like these:

[root@acfw iptables-1.2.5]# /etc/init.d/shorewall stop
Processing /etc/shorewall/shorewall.conf ...
Processing /etc/shorewall/params ...
Stopping Shorewall...iptables: libiptc/libip4tc.c:384: do_check: Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
Aborted

Anyone point me in the right direction? Sorry, I am a bit fried at this point in the night and I think that I am missing some important step in the iptables patching (wasn't this hard last time I did it).

Thanks,
Z
On Thursday 28 February 2002 04:56 pm, Zachariah Mully wrote:
> Hey all-
> Trying to run sh 1.2.8 and iptables 1.2.5 on my linux 2.4.17 box. I
> built the kernel from kernel.org sources, and then patched it with
> iptables 1.2.5 by doing
> %make pending-patches KERNEL_DIR=/usr/src/linux
> I let it run and patched these:
>
>
> Welcome to Rusty's Patch-o-matic!
>
> Each patch is a new feature: many have minimal impact, some do not.
> Almost every one has bugs, so I don't recommend applying them all!
> -------------------------------------------------------
> Already applied: submitted/2.4.4
> submitted/conntrack-errormsg
> submitted/ip6tables-export-symbols
> submitted/ip6t_mac-fix-ipv6
> submitted/ipchains-redirect-fix
> submitted/ip_nat_irc-srcaddr-fix
> submitted/ipt_LOG
> submitted/ipt_mac-fix
> submitted/ipt_MIRROR-ttl
> submitted/ipt_REJECT-checkentry
> submitted/ipt_unclean-ecn
> submitted/module-license
> submitted/netlink-tcpdiag
> submitted/sackperm
> submitted/skb_clone_copy
> submitted/tcp-MSS
> submitted/TOS-oops-fix
>
> Testing... mangle5hooks.patch ALREADY APPLIED (0 rejects out of 16
> hunks).
>
> Then after compiling my kernel and making all the modules, I ran
> %make KERNEL_DIR=/usr/src/linux
> %make install KERNEL_DIR=/usr/src/linux
>
> Then I rebooted to my new kernel.
>
> Now when shorewall starts/stops I get errors like these:
>
> [root@acfw iptables-1.2.5]# /etc/init.d/shorewall stop
> Processing /etc/shorewall/shorewall.conf ...
> Processing /etc/shorewall/params ...
> Stopping Shorewall...iptables: libiptc/libip4tc.c:384: do_check:
> Assertion `h->info.valid_hooks == (1 << 0 | 1 << 3)' failed.
> Aborted
>
>
> Anyone point me in the right direction? Sorry, I am a bit fried at this
> point in the night and I think that I am missing some important step in
> the iptables patching (wasn't this hard last time I did it).

Zach,

I'll bet you got your iptables user-space components from RedHat Rawhide. RedHat built the tools with debugging enabled; unfortunately, there's a bug in that debugging code in that it doesn't recognize the new mangle chains that are included in the 1.2.5 kernel components.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
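
Added example, not part of the original messages and not code from iptables or Shorewall: a small C program that decodes the `valid_hooks` bitmask named in the failed assertion and shows why a check written for the two-hook mangle table rejects a five-hook one. The hook numbering is the Linux 2.4 IPv4 netfilter numbering; the function names and the five-hook mask value (bits 0 through 4) are assumptions made for illustration.

```c
#include <stdio.h>

/* IPv4 netfilter hook numbers used by the Linux 2.4 kernel. */
enum { PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT, POST_ROUTING, NUM_HOOKS };

static const char *const hook_names[NUM_HOOKS] = { "PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING" };

/* The mask the failing assertion expects: (1 << 0 | 1 << 3). */
#define MANGLE_2_HOOKS ((1u << PRE_ROUTING) | (1u << LOCAL_OUT))
/* Assumption: a kernel with the five-hook mangle table sets bits 0..4. */
#define MANGLE_5_HOOKS ((1u << NUM_HOOKS) - 1u)

/* Same condition as the assertion in the error message (hypothetical name). */
int mangle_check_strict(unsigned int v) { return v == MANGLE_2_HOOKS; }

/* Accepts either table layout (hypothetical name). */
int mangle_check_tolerant(unsigned int v) { return v == MANGLE_2_HOOKS || v == MANGLE_5_HOOKS; }

/* Writes the names of the hooks set in mask into buf; returns how many were written. */
int describe_hooks(unsigned int mask, char *buf, size_t len)
{
    size_t used = 0;
    int count = 0;
    if (len > 0)
        buf[0] = '\0';
    for (int i = 0; i < NUM_HOOKS; i++) {
        if (!(mask & (1u << i)))
            continue;
        int n = snprintf(buf + used, len - used, "%s%s", count ? "," : "", hook_names[i]);
        if (n < 0 || (size_t)n >= len - used)
            break; /* output did not fit: stop here */
        used += (size_t)n;
        count++;
    }
    return count;
}

int main(void)
{
    unsigned int masks[] = { MANGLE_2_HOOKS, MANGLE_5_HOOKS };
    char names[64];
    for (int i = 0; i < 2; i++) {
        describe_hooks(masks[i], names, sizeof names);
        printf("0x%02x [%s] strict=%d tolerant=%d\n", masks[i], names,
               mangle_check_strict(masks[i]), mangle_check_tolerant(masks[i]));
    }
    return 0;
}
```
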
Zachariah Mully
2002-Mar-01 16:05 UTC
[Shorewall-users] iptables 1.2.5 and shorewall 1.2.8?
Tom-

Thanks for the help... The box is a RH7.2 install. I am a bit confused though, as I thought that the iptables install both patched the kernel and upgraded the userspace tools. What's the best way to get around this? Uninstall the Redhat iptables package (iptables-1.2.3-1) and remake/repatch my kernel?

Thanks,
Zack

On Thu, 2002-02-28 at 20:10, Tom Eastep wrote:
> Zach,
>
> I'll bet you got your iptables user-space components from RedHat Rawhide.
> RedHat built the tools with debugging enabled; unfortunately, there's a bug in
> that debugging code in that it doesn't recognize the new mangle chains that
> are included in the 1.2.5 kernel components.
>
> -Tom
> --
On Friday 01 March 2002 08:05 am, Zachariah Mully wrote:
> Tom-
> Thanks for the help... The box is a RH7.2 install. I am a bit confused
> though, as I thought that the iptables install both patched the kernel
> and upgraded the userspace tools. What's the best way to get around
> this? Uninstall the Redhat iptables package (iptables-1.2.3-1) and
> remake/repatch my kernel?

Upgrade your iptables RPM to 1.2.5 -- you can find an RPM that works in ftp://ftp.shorewall.net/pub/shorewall.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net